CVE-2010-0405 – bzip2: integer overflow flaw in BZ2_decompress

https://notcve.org/view.php?id=CVE-2010-0405

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. Desbordamiento de enteros en la función BZ2_decompress en decompress.c en bzip2 y libbzip2 anterior v1.0.6 permite a atacantes dependientes del contexto causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través de ficheros comprimidos manipulados. • http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html http://marc.info/? • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •